Attorney Docket No.: 020366-09 1700US 



PATENT APPLICATION 

A NETWORK INTERFACE DEVICE HAVING VIRTUAL PRIVATE 

NETWORK CAPABILITY 



Inventor(s): Jelena Magarasevic, a citizen of Yugoslavia, residing at 
6265 West Sumac Avenue 
Littleton, CO 80123 



Steven M. Casey, a citizen of the United States, residing at 
6265 West Sumac Avenue 
Littleton, CO 80123 



Bruce A. Phillips, a citizen of the United States, residing at 
1342 Washburn Street 
Erie, CO 80516 



Donald Brodigan, a citizen of the United States, residing at 
6281 West 110th Ave. 
Broomfield, CO 80020 



Assignee: Qwest Communications International Inc 
1801 California Street 
Denver, CO, 80202-2658 

Entity: Other than a small entity 



TOWNSEND and TOWNS END and CREW LLP 
Two Embarcadero Center, 8 th Floor 
San Francisco, California 941 1 1-3834 
Tel: 303-571-4000 



PATENT 

Attorney Docket No.: 020366-091 700US 



A NETWORK INTERFACE DEVICE HAVING VIRTUAL PRIVATE 

NETWORK CAPABILITY 

CROSS-REFERENCES TO RELATED APPLICATIONS 
5 [0001] This application is a continuation-in-part of and claims the benefit of U.S. Pat. Appl. 
No. 10/356,364, entitled "PACKET NETWORK INTERFACE DEVICE AND SYSTEMS 
AND METHODS FOR ITS USE," filed January 31, 2003 by Bruce A. Phillips et al \ is a 
continuation-in-part of and claims the benefit of U.S. Pat. Appl. No. 10/356,688, entitled 
"SYSTEMS, METHODS AND APPARATUS FOR PROVIDING A PLURALITY OF 
1 0 TELECOMMUNICATION SERVICES," filed January 3 1 , 2003 by Bruce A. Phillips et al ; 
and is a continuation-in-part of and claims the benefit of U.S. Pat. Appl. No. 10/356,338, 
entitled "CONFIGURABLE NETWORK INTERFACE DEVICE AND SYSTEMS AND 
METHODS FOR ITS USE," filed January 31, 2003 by Bruce A. Phillips et aL, the entire 
disclosure of each of which is herein incorporated by reference for all purposes. 

15 

BACKGROUND OF THE INVENTION 
[0002] The present invention relates to providing information services to a customer via a 
virtual private network. In the past, there has been no consistent interface between 
telecommunication service providers' networks and their customers' premises wiring. For 

20 instance, telephone service often has been hard- wired to the customer's premises wiring by a 
variety of methods, rendering service calls unnecessarily complicated and intrusive. Such 
services calls often required service personnel to enter the customer premises, creating 
logistical issues for the telecommunication service provider and increasing customer 
frustration. Moreover, the lack of any discrete interface between the customer's premises 

25 wiring and the provider's network sometimes forced the use of proprietary hardware from the 
customer's perspective and limited the provider's flexibility when considering options to 
upgrade or otherwise modify the network. 

[0003] This problem has been exacerbated by the increased number of telecommunication 
services provided to customer premises. For instance, many telecommunication service 
30 providers now provide xDSL service to their customers, but those skilled in the art will 

recognize that there is little (if any) standardization among providers. Thus, implementations 



vary widely, each requiring different hardware and software configurations to be operable, 
and customers have little flexibility in choosing hardware. For instance, ADSL service 
frequently is deployed differently than VDSL service, and ADSL deployments themselves 
can vary from provider to provider. Likewise, telephone wiring schemes can vary widely 
5 among customer premises, requiring different types of hardware to enable and enhance 
services, such as filters to control interference, and the like. Further, a typical customer 
premises has multiple wiring networks, including one for video distribution (cable, satellite, 
VDSL, and the like), one for data distribution (Ethernet or the like, perhaps with a connection 
to an xDSL modem or cable modem), and another for telephone service, and these networks 
1 0 generally operate independently of one another. And if a customer wants to add a new 

telecommunication service, an expensive service call (often including one or more new cable 
drops and/or the installation of new premises wiring) likely will be required. 

[0004] Given the wide variety of telecommunication information and services available in 
the marketplace, it would be helpful if a single provider could allow multiple information 

15 providers to initiate services to a customer premises, increasing both efficiency for the 

providers and ease-of-use for the customer. This proliferation of telecommunication services 
also has created a need for a more flexible interface between the telecommunication service 
provider's network and the customer's premises. Preferably, such an interface would be 
addressable and/or programmable, so that the interface could quickly and easily be updated to 

20 accommodate new services and/or technologies. Further, it would be helpful if the interface 
were capable of serving as a termination point for secure communication between service 
providers or other information sources and the customer's premesis. 

[0005] The present inventor provides devices, systems and methods for addressing these 
and other problems. 

25 

BRIEF SUMMARY OF THE INVENTION 
[0006] Embodiments of the invention provide a method for providing the communication 
of information services between customer premises equipment (CPE) at a customer's 
premises and a source of the information services. The method includes providing a 
30 demarcation device at the customer's premises. The demarcation device defines an interface 
between an external transport medium that is substantially external to the customer's 
premises and an internal transport medium that is substantially internal to the customer's 
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premises. The method also includes establishing a virtual private network (VPN) between 
the demarcation device and the source of information services and establishing a virtual local 
area network (VLAN) between the demarcation device and the CPE. In some embodiments 
the method of claim includes receiving a signal at the demarcation device from the source of 
5 the information services via the VPN, consulting a routing table at the demarcation device to 
determine the VLAN of the CPE, and routing the signal to the CPE via the VLAN. 

[0007] In some embodiments the method includes establishing a VLAN between the 
demarcation device and the CPE includes establishing an interface between the CPE and the 
demarcation device, transmitting information from the CPE to the demarcation device via the 

10 interface. The information includes an address of the CPE. In these embodiments the 
method also includes writing at least a portion of the information to a routing table. The 
routing table also includes a VLAN tag that identifies the VLAN between the CPE and the 
demarcation device. The interface between the CPE and the demarcation device may include 
a selection from the group consisting of fiber optic connection, coaxial connection, twisted 

1 5 pair copper wire connection, and wireless connection. Establishing a VPN between the 
demarcation device and the source of information services may include establishing an 
interface between the demarcation device and the source of information services and writing 
information to a routing table at the demarcation device. In such cases, the information may 
identifie a service and a termination location of the VPN. The service may include a 

20 selection from the group consisting of voice, data, and video. The service also may include a 
selection from the group consisting of video on demand, voice over internet protocol, 
broadband Internet access, television programming, online gaming, music on demand, instant 
messaging, and alarm systems signaling. The service also may include utility monitoring and 
control. The interface between the demarcation device and the source of information services 

25 may include a selection from the group consisting of fiber optic connection, coaxial 

connection, twisted pair copper wire connection, wireless connection, and satellite-based 
connection. 

[0008] In other embodiments, the present invention provides a demarcation device 
configured to facilitate the communication of information services between customer 
30 premises equipment (CPE) at a customer's premises and a source of the information services. 
The demarcation device includes means for establishing a virtual private network (VPN) with 
a source of information services. The signals are received at the demarcation device from the 
source of information services via an interface comprising an external transport medium 
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substantially external to the customer's premises. The demarcation device also includes 
means for establishing a virtual local area network (VLAN) with the CPE. The signals are 
sent from the demarcation device to the CPE via an interface comprising an internal transport 
medium substantially interior to the customer's premises. The demarcation device also 
5 includes a routing table that stores information used to map signals from the VPN of the 
source of information services to the VLAN of the CPE. 

[0009] In still other embodiments, the present invention provides a method of registering 
customer premises equipment (CPE) at a customer's premises with a demarcation device to 
receive information services from a source of the information services via a virtual private 

10 network (VPN). The method includes establishing a VPN between the demarcation device 
and the source of information services. The VPN is comprised by an external transport 
medium substantially exterior to the customer's premises. The method also includes 
establishing an interface between the CPE and the demarcation device. The interface is 
comprised by an internal transport medium substantially internal to the customer's premises. 

15 The method also includes establishing a virtual local area network (VLAN) between the CPE 
and the demarcation device by transmitting an address of the CPE to the demarcation device 
and storing at least a portion of the address in a routing table of the demarcation device. The 
routing table includes a CPE receiving device. 

[0010] In still other embodiments the present invention provides a demarcation device 
20 configured to facilitate the communication of information services between customer 

premises equipment (CPE) at a customer's premises and a source of the information services. 
The device includes an interface between an internal transport medium substantially internal 
to the customer's premises and an external transport medium substantially external to the 
customer's premises and a microserver. The microserver is programmed to serve as a 
25 termination point for a virtual private network (VPN) between the demarcation device and 

the source of information services, is programmed to serve as a termination point for a virtual 
local area network (VLAN) between the demarcation device and the CPE, and is 
programmed to map signals received from the source of information services via the VPN to 
the CPE via the internal transport medium. 

30 
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BRIEF DESCRIPTION OF THE DRAWINGS 
[0011] A further understanding of the nature and advantages of the present invention may 
be realized by reference to the figures, which are described in the remaining portion of the 
specification. In the figures, like reference numerals are used throughout several figures to 
5 refer to similar components. In some instances, a reference numeral may have an associated 
sub-label consisting of a capital letter to denote one of multiple similar components. When 
reference is made to a reference numeral without specification of a sub-label, the reference is 
intended to refer to all such multiple similar components. 

[0012] Figs. 1 A-1G illustrate systems for using demarcation devices according to certain 
10 embodiments of the invention. 

[0013] Fig. 2 A illustrates a network interface device according to certain embodiments of 
the invention. 

[0014] Fig. 2B is a cross-sectional drawing further illustrating the network interface device 
of Fig. 2A. 

15 [0015] Fig. 3 is a schematic drawing illustrating a processing system that can be included in 
a network interface device according to certain embodiments of the invention. 

[0016] Fig. 4 illustrates a distributed network interface device according to certain 
embodiments of the invention. 

[0017] Fig. 5 illustrates a network interface device providing a variety of 
20 telecommunication services to a customer premises according to certain embodiments of the 
invention. 

[0018] Fig. 6 illustrates a method of providing telecommunication services using a 
demarcation device, in accordance with certain embodiments of the invention. 

[0019] Fig. 7 illustrates an embodiment of a demarcation device that provides VPN 
25 capability. 

[0020] Fig. 8 illustrates a system incorporating a demarcation device having VPN and 
VLAN terminations. 

[0021] Fig. 9 illustrates a routing table according to embodiments of the invention. 



5 



[0022] Fig. 10 illustrates a method of registering a CPE device with a demarcation device 
according to embodiments of the invention. 

DETAILED DESCRIPTION OF THE INVENTION 
5 [0023] Certain embodiments of the present invention are directed to demarcation devices 
that can be used to provide telecommunication services, as well as to methods and systems of 
using such devices. A demarcation device can be any device capable of serving as an 
interface between a customer premises and a telecommunication service provider's network. 
Such devices can include, merely by way of example, set top boxes (which can be used, inter 

10 alia, as an interface between a customer's video appliance and a provider's video network), 
broadband modems (including xDSL modems, cable modems and wireless modems, each of 
which can be used to provide video and/or data to a customer premises), integrated access 
devices (which can, for instance, translate between Voice over IP ("VoIP") signals and 
traditional telephone signals, thus allowing traditional telephones to connect to a VoIP 

15 network), devices compatible with the session initiation protocol ("SIP") familiar to those 
skilled in the art, and/or the like. One particular demarcation device is a network interface 
device ("NID"), described in detail below. In certain aspects, demarcation devices can be 
used to separate received telecommunication information into discrete sets, and optionally to 
process certain of those sets independently from other sets and/or transmit different sets to 

20 different locations, perhaps through the use of different interfaces. 

[0024] As used herein, references to the term "telecommunication information" should be 
interpreted to include any information that can be transmitted or carried by a 
telecommunication service provider's network {e.g., the Public Switched Telephone Network 
or "PSTN") or by any other telecommunication network, including but not limited to the 

25 Internet. Such information includes, for example, voice signals {e.g., Plain Old Telephone 
Service or "POTS," as the term is known to those skilled in the art), audio and video signals 
(encoded in any standard and/or proprietary, digital and/or analog format now known or 
hereafter developed, using any of a variety of means known to those skilled in the art, such as 
HDTV, NTSC and PAL formatting, as well as, for example, any of the MPEG digital 

30 encoding and/or compression algorithms), and data. Such data can be formatted according 
any of a variety of protocols familiar in the art, including in particular any of the protocols 
known in the art as part of the TCP/IP suite, in particular the Internet Protocol ("IP"). Data 
can also include infrastructural protocols, including, for instance, routing protocols and 
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protocols necessary to implement advanced networking schemes known to those skilled in 
the art, such as multiprotocol label switching ("MPLS"), Ethernet in the first mile ("EFM"), 
to name but two 

[0025] In this document, the term "telecommunication service provider" can mean any 
5 entity that provides telecommunication service to a customer's premises, including, merely 
by way of example, incumbent local exchange carriers, competitive local exchange carriers, 
cable television carriers, and satellite providers, to name a few. In contrast, the term 
"telecommunication information provider," means any entity that is capable of serving as a 
source of telecommunication information. In many cases, a particular entity may be 

1 0 considered both a telecommunication service provider and a telecommunication information 
provider, for instance, when a local exchange carrier provides Internet service to a customer, 
as well as the external transport medium attached to that customer's premises. In other cases, 
the two may be separate entities. For instance, according to certain embodiments of the 
invention, a cable television provider could contract with a local exchange carrier to provide 

15 broadcast television signals to a customer premises using the local exchange carrier's 
network and/or an external transport medium operated by the local exchange carrier. 

[0026] The term "telecommunication information set" is used to describe a discrete subset 
of the telecommunication information transmitted across a particular transport medium and/or 
received by a demarcation device. Generally, the telecommunication information that is 

20 classified part of a particular information set shares a common characteristic. Merely by way 
of example, an information set can comprise telecommunication information of a particular 
type (e.g., voice, IP data, encoded video, and such), information associated with a particular 
application (e.g., information assigned to a specific IP port, as is known in the art, or 
information used by a particular software and/or hardware program), information addressed 

25 to or received from a particular device or network segment, information received within a 
particular reception window, and the like. 

[0027] In certain embodiments, demarcation devices can support the one-way flow of 
telecommunication information, as for example, in the case of a simple set top box, which 
can receive data representing a video signal, decode that data, and transmit a video signal to 
30 an attached television. In other embodiments, however, demarcation devices can support 

bidirectional flow of telecommunication information. For example, an xDSL modem allows 
the transmission of data both to and from a customer premises. In still other embodiments, a 
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demarcation device can be configured to support both unidirectional and bidirectional 
information flows simultaneously, depending on the type of telecommunication information 
transmitted or the source of the information. 



[0028] In one important aspect, demarcation devices can function to isolate the 
5 telecommunication service provider's network from the network at the customer premises. 
As described in detail below, the service provider's network can be thought of as an "external 
transport medium," while the customer's network can be termed an "internal transport 
medium." Both external transport media and internal transport media are types of "transport 
media," a term used in this document to describe any cable, wire or other medium capable of 

10 carrying telecommunication information, including, but not limited to, twisted pair copper 
wiring (shielded or unshielded, including, for example, unshielded cables complying with 
industry-standard categories 3, 5, 5e and 6 and shielded cables commonly known as Token 
Ring™ cables, to name a few), optical fiber (including both single-mode and multimode fiber, 
as well as doped fiber, wavelength-division multiplexed, coarse wavelength-division 

1 5 multiplexed, wide wavelength-division multiplexed, dense wavelength-division and ultra- 
dense wavelength-division multiplexed fiber) and coaxial cable. 

[0029] Other examples of transport media can also include universal serial bus ("USB") 
cable, cable complying with the Institute of Electrical and Electronics Engineers' ("IEEE") 
1394 standard, as well as any medium capable of complying with the many local area 

20 networking standards known in the art. Of course, a transport medium need not be a physical 
medium; it can also comprise any of a wide variety of wireless transmissions, including (but 
not limited to) infra-red transmissions, radio frequency ("RF") transmissions, and 
transmissions complying with standards developed by any of the IEEE's working groups 
governing wireless communication (e.g., the 802.1 1, 802.15, 802.16 and 802.20 working 

25 groups). Similarly, a transport medium can comprise other wireless technologies, such as 
point-to-point microwave, including local multipoint distribution system ("LMDS"), 
microwave multipoint distribution system and/or multipoint multi-channel distribution 
system (collectively, "MMDS") transmissions, and satellite, cellular/PCS, and/or ultra 
wideband transmissions, to name a few. 

30 [0030] In certain embodiments, a demarcation device can act as an active demarcation 
point, serving to isolate the external transport medium from the internal transport medium 
(perhaps via an isolation device, discussed below), such that operational changes in one 



network do not affect the other network. "Operational changes" can include any changes in 
the structure, topology, format, protocol, bandwidth, media and/or other operational 
parameters of a network. This feature can provide many benefits; for instance, the 
demarcation device can serve as a disclosed interface between a customer premises and a 
5 provider's network, allowing the provider to implement changes in its network without 
disrupting the service provided to the customer. 

[0031] Likewise, the isolation of the internal transport medium from the external transport 
medium can allow for any variety of customer premise equipment ("CPE") (which can be any 
device that sends, receives or otherwise utilizes telecommunication information) to be used at 
1 0 the customer premises without fear that the appliance might be incompatible with a particular 
telecommunication service provider's standards. Moreover, a demarcation device might 
serve to couple a plurality of external and/or internal transport media, allowing interoperation 
among them all, and provide the same isolation features among all of these media. 

[0032] In this way, certain aspects of the demarcation devices can allow for sales of a wide 
1 5 variety of CPE on a consumer electronics model, instead of the proprietary model 

necessitated by many of today's telecommunication networks, where, for example, differing 
implementations of xDSL among providers virtually force consumers to purchase modems 
supplied or approved by a particular provider to ensure compatibility between the modem and 
the provider's xDSL implementation. By isolating the topologies of the external and internal 
20 transport media, embodiments of the present invention can create a disclosed interface 
between the provider's network and the customer's network, allowing much greater 
flexibility in both the provider's networking options and the customer's choice of 
telecommunication appliances. Those skilled in the art will recognize that these and many 
other benefits can flow from embodiments of the invention. 

25 [0033] In accordance with other embodiments, the isolation abilities of demarcation 
devices also can allow a demarcation device to serve as an insulator between different 
transport media coupled to the internal and external transport media in order, for instance to 
prevent unwanted telecommunication information from one network from entering the other 
network. For instance, a demarcation device in accordance with particular embodiments can 

30 serve to prevent propagation of certain telecommunication information from an internal 
network (including particular signals or frequencies) into one or more external transport 
media, preventing interference in the internal transport medium from interfering with the 
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telecommunication service provider's network. In similar fashion, demarcation devices can 
prevent the contamination of the internal transport medium with unwanted information from 
the external medium, interference between two or more external transport media coupled to a 
demarcation device, and unwanted interference or crosstalk between multiple internal media. 

5 [0034] The ability of a demarcation device to isolate the internal transport medium from the 
external transport medium also allows demarcation devices in some embodiments to be used 
to provide enhanced security for the customer and/or control customer access to certain 
features or services. For instance, those skilled in the art will recognize that a demarcation 
device can prevent unauthorized access (by a telecommunication service provider and/or a 
10 third party) to the customer's data network, or can screen or filter telecommunication 
information entering or leaving the customer's premises, enabling features like parental 
controls on incoming and outgoing information, as well as the filtering of outgoing sensitive 
information (such as credit card information and the like). 

[0035] Further, according to certain embodiments, the demarcation device, as the 
1 5 consolidation point for all telecommunication information entering or leaving the customer 
premises, can provide a variety of enhanced features to the entire premises, including things 
like caller identification, premises-wide telephone, video and data distribution, content {e.g., 
video, audio or data) on demand, and the like. These and other features of the demarcation 
devices also allow for a variety of new and usefiil telecommunication applications to be 
20 provided to customers. Details about some exemplary applications are discussed below; given 
the disclosure herein, those skilled in the art can appreciate the wide variety of such 
applications that are possible using various embodiments of the invention. 

[0036] Further still, in some embodiments the demarcation device may serve as a 
termination point for one or more virtual private networks ("NPNs"), thus providing secure 

25 communication between the demarcation device and an external source of information.. 

Terminating a VPN at a demarcation device, in some embodiments, provides the advantage 
that unencrypted information may be freely distributed within a customer's premises, thus 
avoiding the need to terminate a VPN within multiple devices that use the same information 
or establish a VPN to each such device. Certain embodiments of demarcation devices that 

30 provide the ability to terminate a VPN also may operate virtual local area networks 

("VLANs") within the premises. This greatly enhances the versatility of such devices since 
internal transport media then may carry multiple streams of information and distribute the 

10 



same information to multiple devices, multiple streams of information to one or more 
devices, and the same information to one or more devices using different transport media. 

[0037] Certain embodiments of the invention provide a variety of systems for utilizing 
demarcation devices. Merely by way of example, Figs. 1 A-1G illustrate several such 
5 exemplary systems. For instance, Fig. 1 A illustrates a system 100 for providing 
telecommunication services using a demarcation device, in accordance with some 
embodiments of the invention. System 100 includes a distribution point 104 in 
communication with a demarcation device 108 via external transport medium 112. In one 
sense, distribution point 104 can be considered the source of telecommunication information 

10 transmitted to customer premises and the recipient of telecommunication information 

transmitted from customer premises 116, although, as described below, distribution point 104 
often will be neither the ultimate source nor the ultimate recipient of telecommunication 
information. In certain embodiments, distribution point 104 can be a telecommunication 
service provider's local office; in other embodiments, distribution point 104 can be another 

15 network element in the service provider's network, for instance, a remote termination cabinet 
and/or a digital subscriber line access multiplier ("DSLAM"). In fact, distribution point 104 
can be any facility or equipment operated by a telecommunication service provider that is 
capable of transmitting telecommunication information to, and/or receiving 
telecommunication information from, a customer premises. 

20 [0038] In general, distribution points can be classified, inter alia, as discrete distribution 
points or complex distribution points. With respect to a particular information set, a discrete 
distribution point often transmits only the necessary or desired information to the NED. In 
contrast, a complex distribution point can transmit the entire information set to the NID. The 
contrast may be illustrated with regard to video distribution: A discrete distribution point 

25 may perform channel switching (at the request of the demarcation device), encoding and 
sending only the desired channel information to the demarcation device. In contrast, a 
complex distribution point might rely upon the demarcation device to perform all channel 
switching. Those skilled in the art will appreciate that each scheme presents relative 
advantages and disadvantages. 

30 [0039] Distribution point 104 can be capable of transmitting and/or receiving any type of 
telecommunication information to/from demarcation device 108, and such 
telecommunication information can be organized into a plurality of telecommunication 
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information sets, as necessary. For ease of description, Fig. 1 A does not show any additional 
sources or recipients of telecommunication information in communication with distribution 
point 104, but, those skilled in the art will recognize that, in many embodiments, distribution 
point 104 can be coupled to multiple customer premises (perhaps via a demarcation device at 
each customer premises) and often is neither the ultimate source nor the ultimate recipient of 
telecommunication information. Instead, distribution point 104 often can serve as the 
intermediary between one or more customer premises (e.g., 116) and one or more larger 
telecommunication networks and/or telecommunication information providers, which, as 
discussed above, can include cable television networks, telephone networks, data networks, 
and the like. Further, many such networks (as well as, in some embodiments, distribution 
point 104) can be coupled to the Internet, so that distribution point 104 can serve as a 
gateway between customer premises and any source and/or recipient of telecommunication 
information that has a connection to the Internet. The interconnection of telecommunication 
networks is well known in the art and need not be discussed here, other than to note that 
distribution point 104 can be configured to transmit telecommunication information to (and 
receive telecommunication information from) virtually any source or recipient of 
telecommunication information, through either direct or indirect (e.g., through the Internet) 
communication. Merely by way of example, a distribution point can transmit video signals 
received from a television programming provider to customer premises equipment, as 
described in the applications referenced above. In other embodiments, distribution point 104 
can be in communication with one or more other customer locations, allowing for private 
virtual circuits between customer premises 116 and those locations. 

[0040] In system 100, demarcation device 108 can serve as the interface between external 
transport medium 112 and customer premises 1 16. As conceptually illustrated in Fig. 1 A, 
demarcation device 108 can be attached to an external wall of customer premises 116, which 
provides many advantages. For instance, if the telecommunication service provider desires to 
upgrade or otherwise change its network (including, perhaps, modifying external transport 
medium 1 12), a technician can perform any necessary changes at demarcation device 108 
without entering the customer premises. Coupled with the ability of some demarcation 
devices to isolate the telecommunication service provider's network from the customer's 
premises, this can allow the telecommunication service provider to effect substantial changes 
in it network without impacting or inconveniencing the customer in any respect. This could, 
for example, allow the telecommunication service provider to upgrade external transmission 
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medium 112 from a copper twisted pair to optical fiber, without requiring any topological 
changes inside the customer premises. Of course, demarcation device 108 also may be 
located at a variety of other locations, for example, within customer premises 1 16 or at a 
facility operated by the telecommunication service provider (e.g., distribution point 104). As 
discussed in detail below, a demarcation device may also be divided, with different portions 
situated at different locations, according to the requirements of the implementation. 

[0041] Demarcation device 108 can communicate with CPE 120 (which can be located 
inside customer premises 1 16) through internal transport medium 124, which can comprise 
any of the media discussed above. In particular, internal transport medium 124 can comprise 
the existing telephone wiring in customer premises 116 and, in some embodiments, is capable 
of carrying voice, data and video information, as well, perhaps, as other types of 
telecommunication information, using any of a variety of multiplexing schemes. For 
instance, as described in Edward H. Frank and Jack Holloway, "Connecting the Home with a 
Phone Line Network Chip Set," IEEE Micro (IEEE, March- April 2000), which is 
incorporated herein by reference, the Home Phoneline Networking Alliance ("HPNA") 
standards allow for simultaneous transmission of both voice information and Ethernet frames 
across twisted-pair copper telephone wiring. 

[0042] Thus, telecommunication information received by distribution point 104 from any 
source (for instance, those discussed above) can be transmitted from distribution point 104 
through external transport medium 112 to demarcation device 108. Demarcation device 108 
can then transmit the information through internal transport medium 124 to CPE 120. 
Likewise, telecommunication information can be transmitted via the reverse path to 
distribution point 104, where it can, for instance, be transmitted to an information recipient, 
such as a service provider (for instance, to request a pay-per-view movie or the like) or across 
the Internet to a recipient (such as in the case of an email message). 

[0043] In certain embodiments, demarcation device 108 can receive configuration 
information, in some cases from a control point (e.g., 128), which, in the illustrated 
embodiment, is associated with distribution point 104. In certain instances, control point 128 
can be software and/or hardware operated by a telecommunication service provider for 
controlling certain features of the operation of demarcation device 108. For instance, control 
point 128 can instruct demarcation device 108 to provide (or cease to provide) a particular 
telecommunication service (e.g., video distribution) to customer premises 1 16, or to control 
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how many information sets and/or transport media demarcation device 108 should accept at 
any given time. Control point 128 can also provide other direction to demarcation device 
108, including, for instance, instructions to save or record a particular information set (e.g., 
data representing a movie), such that the information set may quickly (and, in some cases), 
repeatedly be transmitted to customer premises 116, allowing the provision of voice, data, 
video, etc. on demand. Control point 128 can further be used to test the availability, 
functioning and/or performance of demarcation device 108, and/or any of the transport media 
attached thereto. Merely by way of example, control point 128 can be used to perform a 
loop test, known to those skilled in the art. 

[0044] Often, it may be beneficial to allow the customer to provide configuration 
information to demarcation device 108. Thus, in certain embodiments, control point 128 can 
have a web interface, such that the customer (or any authorized person, such as an employee 
of the telecommunication service provider or telecommunication information provider) may 
log on to the web interface and configure options for demarcation device, perhaps resulting in 
configuration commands being transmitted from distribution point 104 to demarcation device 
108. In other embodiments, control point 128 can be a web interface to demarcation device 
108 itself, allowing the customer (or, alternatively, a telecommunication service provider or 
telecommunication information provider) to configure demarcation device 108 directly. In 
still other embodiments, control point 128 can communicate with demarcation device through 
an application programming interface ("API"). Hence, in some aspects, control point 128 can 
interface with demarcation device 108 through an API. 

[0045] Those skilled in the art will recognize that, in some embodiments, an API can 
include a set of software, hardware or firmware routines or libraries that may be invoked 
programmatically to configure or relay information to demarcation device 108. In that sense, 
then, control point 128 can be understood to be a program running on a computer (perhaps 
located at distribution point 104 or customer premises 116, among other locations) that 
provides configuration information to demarcation device via using a software API. In other 
embodiments, however, an API can include a physical interface (perhaps adapted to 
communicate using any of the transport media discussed herein), that may be accessed 
remotely and/or locally, for instance, by a service technician. 

[0046] Merely by way of example, a service technician could visit customer premises 1 16, 
attach a laptop computer (or other configuration device) to demarcation device 108, and 
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upload information to demarcation device 108, including perhaps both configuration 
information and other telecommunication information. In still other embodiments, 
demarcation device 108 can accept configuration information through other means, including 
merely by way of example, providing a web interface (especially in embodiments where 
5 demarcation device 108 is capable of acting as a web server, as discussed below) and/or 
receiving a specially-formatted electronic message, either of which could be considered a 
control point in such embodiments. 

[0047] As described below, demarcation device 108 (and/or particular components thereof) 
can be addressable/and or programmable (e.g., through control point 128). As such, 
10 demarcation device 108 can include a storage device, which can be any device known to 
those skilled in the art as one capable of storing information (including, merely by way of 
example, any of the memory and/or storage devices discussed below), for storing 
configuration information received from control point 128. As discussed below, the storage 
device can also store other telecommunication information. 

1 5 [0048] Configuration information can be any set of data or other information that can be 
interpreted by demarcation device 108 as operational instructions, including, but not limited 
to, commands to process certain information sets in certain ways (e.g., provide protocol 
conversion, allow transmission of the information set, deny transmission of the information 
set, direct transmission on a particular interface, and the like), commands to provide (or cease 

20 providing) a particular service (e.g. , to provide access to a pay per view movie or an 

additional telephone line). Thus, in certain aspects, a telecommunication service provider can 
control the services provided to a customer in several ways. First, the provider can transmit a 
telecommunication information set to a demarcation device only if the user of that device is 
authorized to receive the service associated with that information set. Alternatively, the 

25 service provider could send one or more services to a customer's demarcation device 

regardless of the customer's authorization to use the services, and rely on the device itself to 
prevent unauthorized access to those services. 

[0049] Those skilled in the art will appreciate that certain control methods are more well- 
suited to certain services than to others. For instance, with respect to cable television 
30 services, the same set of information may be broadcast to many households, and the 

demarcation device is well-suited to control access to those services, allowing for greater 
efficiency in the providing of such services. In contrast, video on demand services may be 
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controlled at a distribution point (or elsewhere), such that a demarcation device will only 
receive video on demand information if the customer already has requested (and been 
authorized to receive) that service, and the demarcation device thus may not need to provide 
access control functions with respect to that service. 

5 [0050] According to some embodiments, demarcation device 1 08 can implement either of 
these access control schemes, or both in combination, as well as others. Moreover, 
demarcation device 108 can, in some cases, be configured to support a plurality of schemes 
transparently, so the customer can, for instance, request a service from demarcation device 
108 (perhaps using one of the methods discussed above), and demarcation device can relay 

10 that request to the appropriate telecommunication service provider (and/or 

telecommunication information provider) if necessary, as well as reconfigure itself to allow 
access to that service, if necessary. Of course, demarcation device 108 also can be 
configured to take any necessary validating or authenticating action (such as notifying 
distribution point 104 and/or control point 128 that the service has been requested, and, 

15 optionally, receiving a return confirmation that the service has been authorized). 

[0051] In accordance with other embodiments, configuration information sent to 
demarcation device 108 can include one or more commands to interface with and/or control a 
particular home fixture in a certain way. The term "home fixture" should be interpreted to 
mean any outlet, fixture, or device (including without limitation those that function 

20 electrically and/or any CPE) that can be intelligently controlled. Home fixtures can include, 
merely by way of example, any device, outlet, or other equipment that can be included in the 
"smart home" or "connected home" concepts familiar to those skilled in the art. For instance, 
configuration information could instruct demarcation device 108 to turn on and/or off certain 
lights, electrical outlets and/or equipment (perhaps via additional devices), and/or to arm, 

25 disarm or otherwise monitor and/or configure a home security system. One skilled in the art, 
will recognize, moreover, that although termed "home fixtures" for ease of description, home 
fixtures can easily be located in MDUs and business premises as well. 

[0052] Configuration information can also include operational data such as an IP address, 
routing information, and the like, to name but a few examples. Configuration information 
30 can further include instructions to modify one or more security settings of demarcation device 
108. Merely by way of example, in certain embodiments, demarcation device 108 can 
include a computer virus scanner, and configuration information can include updated virus 
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definitions and/or heuristics. Likewise, demarcation device 108 often will be configured with 
access controls (for instance, to prevent unauthorized access through demarcation device 108 
by third parties, as described elsewhere in this document), and configuration information can 
include instructions on how to deal with particular third party attempts to access demarcation 
5 device 108 or internal transport medium 124. Those skilled in the art will recognize as well 
that some security settings may specify the level of access the customer has to the functions 
of demarcation device 108, for instance to prevent unauthorized use of certain 
telecommunication services, and that these settings also may be modified by received 
configuration information. 

10 [0053] Based on the disclosure herein, those skilled in the art will recognize that a wide 

variety of configuration information can be transmitted to demarcation device 108, including 
those examples discussed above. Moreover, some types of configuration information may be 
sent periodically to demarcation device 108 to ensure that the configuration of demarcation 
device is current. Those skilled in the art will also recognize that configuration information 

1 5 can, in a sense, be considered a subset of the broader category of telecommunication 
information. 

[0054] Turning now to Fig. IB, system 100' is illustrative of certain embodiments, which 
can provide multiple demarcation devices 108 A, 108B at customer premises 116. As noted 
above, demarcation device 108 A can be in communication with CPE 120 A through internal 

20 transport medium 124A, and demarcation device 108B likewise can be in communication 
with CPE 120B through internal transport medium 124B. Demarcation device 108B can 
communicate with distribution point 104 through external transport medium 1 12B which, as 
illustrated by Fig. IB, can simply be spliced into external transport medium 1 12A (for 
example, using one or more active and/or passive splitting devices, which could be optical, as 

25 in a fiber environment, for example, or electrical). If necessary, demarcation devices 108 
and/or distribution point 104 can include control logic to prevent unauthorized access by 
demarcation device 108 A to telecommunication information sent to (or received from) 
demarcation device 108B, and vice-versa. In other embodiments, external transport medium 
1 12B could run directly from demarcation device 108B to distribution point 104, or external 

30 transport medium 1 12B can be omitted, and demarcation device 108B can be coupled to 

demarcation device 108 A, which can provide connectivity between demarcation device 108B 
and distribution point 104 through external transport medium 1 12 A. 
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[0055] System 100' can be used in a variety of implementations. For instance, if customer 
premises 1 16 is a multiple-dwelling unit ("MDU") or a commercial building, separate 
demarcation devices can be provided for each separate resident, family and/or tenant (or, 
alternatively, a single demarcation device, perhaps with more interfaces, can service multiple 
5 dwelling or business units). In such implementations, especially when external transport 
medium 1 12B does not directly couple demarcation device 108B to distribution point 104, 
demarcation devices 108 A, 108B can include security functionality, for example to prevent 
telecommunication signals intended for CPE 120A from reaching CPE 120B and vice-versa. 
In some embodiments, demarcation devices can provide a variety of such security, encryption 
10 and authentication functions. 

[0056] As described above, in certain embodiments, multiple demarcation devices 108 A, 
108B can be daisy-chained together (using any of the telecommunication media discussed 
herein). This could allow a telecommunication service provider to provide service to 
additional customers without requiring any additional external transport media (e.g., 1 12B). 

15 Similarly, demarcation devices at multiple premises can be coupled together (using wired or 
wireless transport media), such that if the external transport medium coupled to one of the 
demarcation devices fails, that device can maintain connectivity to the distribution point 
through its connection to another demarcation device. A demarcation device in accordance 
with specific embodiments thus may have an interface for securely connecting to one or more 

20 additional demarcation devices (thus, perhaps, forming a mesh network of one or more 

demarcation devices and/or distribution points), that would allow a particular demarcation 
device to serve as a conduit between another interface device and a distribution point, without 
allowing any unauthorized reception of telecommunication information intended for the 
connected interface device. This secure interface can be included, for instance, in a portion 

25 of the demarcation device that is inaccessible to customers, as illustrated in Fig. 2 A and 
described below. 

[0057] In other embodiments, a single customer premises might have connections to a 
plurality of telecommunication service providers. For example, turning now to Fig. 1C, 
system 100" includes a distribution point 104 A coupled to demarcation device 108 A and also 
30 includes a second distribution point 104B coupled to demarcation device 108B via external 
transport medium 1 12B. Merely by way of example, distribution point 104B could, for 
example, be associated with a cable television provider, while distribution point 104A could 
be associated with a telephone company. Thus, CPE 120A could be a telephone, and CPE 
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120B could be a television. (Of course, it should be noted that both telephone and video 
signals, as well as other forms of telecommunication information, can be provided through a 
single distribution point as well.) Further, as illustrated by example system 100", multiple 
CPE 120 A, 120C can be coupled to a single demarcation device 108 (either through two 
5 internal transport media 124 A, 124C as illustrated by Fig. 1C, or through a common internal 
transport medium, as discussed below). As described above, each demarcation device 108 A, 
108B, can receive configuration information from a control point 128 A, 128B respectively. 

[0058] In an alternative embodiment, such as, for example system 100 m illustrated on Fig. 

ID, a single demarcation device 108 can provide connectivity to a plurality of distribution 
10 points (e.#.,104A, 104B), as well to a plurality of CPE 120A, 120B, 120C. In such an 

embodiment, demarcation device 108 could include attachments for multiple internal 

transport media 124A, 124B, 124C and multiple external transport media 1 12A, 1 12B. 

Moreover, as illustrated by Fig. ID, each distribution point 104A, 104B can be associated 

with a different control point 128 A, 128B, respectively. In alternative embodiments, a single 
1 5 control point could provide configuration information to demarcation device 108 with respect 

to both distribution points 104A, 104B. 

[0059] Turning now to Fig. IE, another exemplary system 100"" is presented in accordance 
with certain embodiments of the invention. In exemplary system 100"", demarcation device 
108 can be in communication with distribution point 104. In turn, distribution point 104 

20 (perhaps operated by a telecommunication service provider) can be in communication with 

one or more telecommunication information providers 130A, 130B. Each telecommunication 
information provider 130A, 130B can be the source or recipient of one or more 
telecommunication information sets (each of which can be associated with a particular 
telecommunication service), each of which can be transmitted to (or received from) 

25 distribution point 104. Distribution point 104 can also transmit these information sets to (or 
received them from) demarcation device 108, via external transport medium 112. As 
discussed below, demarcation device 108 can be capable of processing a plurality of such 
information sets in a variety of ways. 

[0060] In certain embodiments, each telecommunication information provider 130A, 130B 
30 can have an individual control point 128B, 128C. In some such embodiments, control points^ 
128B, 128C can be in communication with demarcation device 108 via distribution point 
104, or, alternatively, could have a separate means of communication with demarcation 
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device 108 (e.g., via a modem and telephone line). Thus, in some embodiments, demarcation 
device 108 can receive configuration information from each control point 128B, 128C. As 
discussed above, configuration information can direct the behavior of demarcation device 
108, in particular with respect to how to handle telecommunication information received 
5 from, or sent to, the associated telecommunication information provider. 

[0061] In some embodiments, demarcation device 108 can be configured to accept 
configuration information related only to the telecommunication information and/or services 
provided by the telecommunication information provider sending the configuration 
information. In this way, demarcation device can be protected against inadvertent (or 

10 malicious) misconfiguration, which could interrupt a telecommunication service provided by 
another telecommunication information provider. Likewise, demarcation device 108 could 
be configured to automatically request updated configuration information from control point 
108 A associated with distribution point 104 in the case of misconfiguration, and control point 
108 A could maintain a master set of configuration information to be able to accommodate 

1 5 such a request. 

[0062] In other embodiments, telecommunication information providers 130A, 130B may 
not have an associated control point. In such embodiments, telecommunication information 
providers 130A, 130B can send configuration information to control point 128A (perhaps via 
distribution point 104 A), and control point 128 A can relay that configuration information to 
20 demarcation device 108 (again, perhaps through distribution point 104). In this way the 
telecommunication service provider can control which configuration information is 
transmitted to demarcation device 108. 

[0063] In certain embodiments, demarcation device 108 can submit a request for 
configuration information to one or more control points 128A, 128B, 128C, perhaps via 
25 distribution point 104. Such a request might be made, if, for instance, the customer would 
like to watch a pay per view movie. The appropriate control point (e.g., 128B) could then 
provide the proper configuration information to demarcation device as described above, and 
the configuration information could enable demarcation device to transmit the movie to 
customer premises 116. 

30 [0064] As exemplified by system 132 on Fig. IF, embodiments of the invention enable a 
single demarcation device 108 to serve multiple CPE 134A-F, each of which can be a 
different appliance, at a single customer premises 136. For instance, CPE 134 A can be a 
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computer with an Ethernet interface, CPE 134B can be a telephone, CPE 134C can be a video 
game system, CPE 134D can be a set-top box attached to a television, CPE 134E can be a 
computer with an HPNA interface, and CPE 134F can be a laptop computer equipped with a 
wireless network card. 

5 [0065] Also as illustrated by system 132, demarcation device 108 can support multiple 
network topologies. For instance, demarcation device 132 can serve as a hub for a point-to- 
point network topology, with multiple point-to-point connections to CPE 134A, 134B via 
internal transport media 138A, 138B, respectively. In addition, demarcation device 132 can 
support a bus topology, as illustrated by internal transport medium 140, which can connect 

10 demarcation device 132 to CPE 134C, 134D, 134E. Demarcation device 108 can also be 
equipped with a wireless transmitter 142 for communication with wireless-capable CPE 
134F. In this way, demarcation device 108 can support a wide variety of networking media 
in customer premises 136, including the existing telephone, satellite, cable, and network 
wiring. For instance, the existing telephone wiring in most homes is arranged in a bus 

15 topology, as is most coaxial cable (for instance RG6 or RG59) installed by cable television 
providers, although each may, in some implementations, be wired using a star topology. In 
contrast, many homes also have lOBase-T Ethernet networks, which sometimes require a 
central hub. As used herein, the term "lOBase-T" can be understood to include newer 
implementations of Ethernet over unshielded twisted pair wiring, including, for instance, 100 

20 megabit Ethernet (100Base-T, 1 00 VG- AnyLAN, etc.) and gigabit Ethernet (lOOOBase-T) 

standards. Demarcation device 108 can support these and other network topologies, serving 
as the hub in a lOBase-T network if necessary. 

[0066] Fig. 1G illustrates another exemplary system 150 for using a demarcation device 
152 in an xDSL implementation, according to certain embodiments of the invention. In some 

25 embodiments, distribution point 154 can comprise a host digital terminal 156 coupled by 
transport medium 158 to DSLAM 160. (As noted above, however, in other embodiments, 
DSLAM 160 or other equipment can be considered the distribution point.) Host digital 
terminal 156 can be coupled to any of a variety of data sources and/or recipients, either 
directly, or indirectly (e.g., through the provider's network and/or the Internet). In the 

30 illustrated embodiment, transport medium can be a Synchronous Optical NETwork 

("SONET") link (e.g., OC-3, OC-12, etc.), although those skilled in the art will recognize that 
other suitable transport media may be substituted. 



21 



[0067] In accordance with some embodiments, distribution point 154 also comprises a 
central office shelf 162 in communication with the PSTN, as well with an asynchronous 
transfer mode ("ATM 5 ') network 166, either of which can provide connectivity to any of the 
variety of data sources and/or recipients discussed above. In certain embodiments, shelf 162 
5 is, in turn, coupled to fiber distribution panel 168, which is connected by transport medium 
170 to a digital loop carrier remote termination cabinet 172. Remote termination cabinet 172 
can also be coupled to DSLAM 160 by transport medium 174, which may be routed through 
serving area interface 176. In effect, transport medium 174 can carry one or more POTS 
information sets, and transport medium 158 can carry one or more non-POTS (in this case 
10 xDSL) information sets. 

[0068] As illustrated, these two information sets can be combined at DSLAM 160, which is 
in communication with serving area interface 176 through transport medium 178. Serving 
area interface 176 can coupled to demarcation device 152 by transport medium 180, and in 
the illustrated embodiment, demarcation device 1 52 is fixedly attached to an exterior wall at 
1 5 customer premises 182. Demarcation device can then be coupled via one or more internal 

transport media 184A-I to a variety of CPE, including without limitation a television set 186, 
a video phone 188, an IP-compatible set-top box 190, an analog (POTS) telephone 192, an 
IP-compatible phone 194, and a personal computer 196. In this way, a demarcation device 
can be used to provide a plurality of telecommunication services to a customer premises. 

20 [0069] As alluded to above, a NID is one type of demarcation device that can serve as the 
interface between an external transport medium and an internal transport medium. Generally, 
a NID can incorporate all of the functionality of the demarcation devices discussed above. In 
addition, in accordance with some embodiments, a network interface device also can offer 
enhanced functionality in the provision of telecommunication services, as described below. 

25 [0070] Turning now to Fig. 2A, one exemplary embodiment of a NID 200 is illustrated. In 
the illustrated embodiment, NID 200 comprises a clamshell design, with a lid portion 204 and 
a body portion 208 connected by hinges 212A, 212B. Turning now to Fig. 2B, it can be seen 
that body portion comprises a network area 216 and a customer area 220. Generally, network 
area 216 is adapted to receive a cover and is designed generally to be accessible only to 

30 personnel authorized by the telecommunication service provider. In contrast, when NID 200 
is open, the customer can access customer area 220 to add or remove components as desired. 
In this and other ways, NID serves to isolate the telecommunication service provider's 
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network from the customer's network, as described above. As discussed below, lid portion 
204 can contain a processing system (not shown in Fig. 2B) 

[0071] Returning to Fig. 2 A, NID 200 can include a first interface 228 for communicating 
with the provider's external transport medium. Those skilled in the art will recognize that, in 
5 some embodiments, as described above, the external transport medium can be the twisted- 
pair copper "local loop" running from the customer's premises to the telecommunication 
service provider's local office, and interface 228 can allow for the attachment of the local 
loop to NID 200. As discussed above, in other embodiments, the external transport medium 
can be any of a variety of other media, including satellite transmissions, wireless 

10 transmissions, coaxial cable. In fact, in certain embodiments, the external transport medium 
can comprise multiple transport media (of the same or different types), for which NID 200 
could include multiple interfaces. In some such embodiments, NID 200 can function to 
logically couple or bond a plurality of external transport media to one another, seamlessly 
increasing the bandwith available to the customer premises. For instance, a customer 

15 premises might have a satellite link to one telecommunication service provider and an ADSL 
link to another provider, and NID 200 could combine or multiplex these two links to provide 
an apparent single, higher-bandwidth to the customer premises. Similarly, those skilled in the 
art will recognize that, in certain of these embodiments, a particular external transport 
medium (for instance, a satellite link) may be more well-suited to one way transmission of 

20 telecommunication information; in such cases, NID 200 could use a second external transport 
medium (for instance, an ADSL link) to allow transmission in the other direction. 

[0072] Interface 228 can be coupled to a discrimination device 232, which can be operative 
to separate information sets received on interface 228 (and, conversely, aggregate 
information sets for transmission on interface 228). Merely by way of example, in particular 

25 embodiments, discrimination device 232 can separate POTS information from other 

telecommunication information and/or isolate signals on the internal transport medium from 
the external transport medium (and vice- versa). In some embodiments, for instance xDSL 
implementations, discrimination device 232 can comprise one or more filters. Such filters 
can include (but are not limited to) high-pass, low-pass and/or band pass filters. For instance, 

30 in an xDSL implementation, discrimination device 232 might include a high-pass and/or low- 
pass filter for separating high-frequency (e.g., data) from low frequency (e.g., POTS) 
information. In other embodiments, discrimination device 232 can comprise many other 
types of filters, including both digital and analog filters. Demarcation device 232 can be 
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operable to separate information sets through a variety of criteria, including for example, by 
frequency, by destination device, information type, frequency. Further, in certain 
embodiments, information sets can be multiplexed (for instance, using various time-division 
multiplexing or wave-division multiplexing schemes known in the art) for transmission over 
5 an external transport medium, and discrimination device 232 can comprise a de-multiplexer 
capable of separating multiplexed signals and, optionally, routing each signal to the 
appropriate destination. 

[0073] In the illustrated embodiment, discrimination device 232 is in communication with a 
second interface 236, which can interface with the telephone wires at the customer premises 
10 to provide traditional analog telephone service. In some embodiments, an aggregator 240 can 
be situated between discrimination device 232 and interface 236 to allow additional (perhaps 
non-POTS) information sets to be sent and received through interface 236 simultaneously 
with the POTS information. This can include, for example, aggregating information sets for 
transmission of an HPNA (or HPNA+) signal over an internal transport medium. 

15 [0074] The discrimination device can also be coupled to a processing system 244, which in 
the illustrated embodiment is located in the lid portion 204, and all non-POTS information 
sets can be routed to processing system 244 for additional processing. Processing system 244 
is described in detail below, but can, in general, comprise one or microprocessors, including 
digital signal processor ("DSP") chips, and/or memory devices, including both volatile and 

20 nonvolatile memories, as well as a variety of read-only memory devices known in the art, 
such as programmable read only memory ("PROM") devices and erasable programmable 
read only memory ("EPROM") devices (a term which should be interpreted to include 
electrically erasable programmable ("EEPROM") devices, in addition to other EPROM 
devices) and storage devices (including hard disk drives, optical drives and other media) In 

25 fact, processing system 244 can comprise the equivalent of one or more personal computers, 
running any of a variety of operating systems, including variants of Microsoft's Windows™ 
operating system, as well as various flavors of the UNIX™ operating system, including open 
source implementations such as the several Linux™ and OpenBSD™ operating systems. 

[0075] Telecommunication information (or information sets) can be processed by 
30 processing system 244 in a variety of ways, including, for example, routing a given 
information set to a particular interface, transforming information (for example, 
encoding/decoding information and converting between different transport protocols), storing 
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information, filtering information, and any of the other functions described herein with 
respect to processing systems. In certain embodiments, processing system 244 can serve as 
the termination point for an external transport medium; for instance processing system 244 
can incorporate the functionality of an xDSL modem. In other embodiments, processing 
5 system 244 can serve to identify quality of service requirements (for instance, latency 
requirements for voice transmissions and bandwidth requirements for streaming media 
transmissions, to name a few) and enforce those requirements, ensuring that sufficient 
bandwith is provided to a particular device, network segment or application to maintain the 
quality of service required. 

10 [0076] In certain embodiments, for instance, as described above with respect to Fig. ID, a 
NID may comprise another interface in communication with a second distribution point 
104B, perhaps operated by a different telecommunication service provider, through an 
additional external transport medium 1 12 A. In such a case, the additional external interface 
could be coupled to discrimination device 232, or it could be coupled to another 

15 discrimination device, which could also be in communication with processing system 244, 
interface 236 and/or aggregator 240. Thus, certain embodiments allow a single NID to serve 
as a communication gateway between the customer premises and multiple telecommunication 
service providers, including combining or multiplexing multiple external transport media 
(each of which may be in communication with a different telecommunication service 

20 provider and/or telecommunication information provider) as discussed above.. 

[0077] Returning to Fig. 2A, processing system 244 can be in communication with 
aggregator 240, which, as discussed above, can aggregate non-POTS information sets 
received from processing system 244 and POTS information sets received directly from 
discrimination device 232 for consolidated transmission via interface 236, among other 

25 functions. In effect, discrimination device 232 and aggregator 240 (perhaps in conjunction 
with processing system 244) can function to separate telecommunication information 
received on interface 228 into a set of POTS telecommunication information and a set of non- 
POTS telecommunication (wherein POTS information can be understood to be ordinary 
telephone signals, and non-POTS information can be understood to include all other 

30 telecommunication information), route the non-POTS information via transport medium 248 
to processing system 244 for processing, and route the POTS information to interface 236 for 
transmission to the internal transport medium. In certain embodiments, one or more sets of 
non-POTS information can be routed to interface 236 using transport medium 252 for 
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transmission through interface 236, perhaps in combination with one or more sets of POTS 
information. 



[0078] Of course, discrimination device 232 and aggregator 240 can perform the same 
function in reverse (i.e., to separate and recombine different sets of telecommunication 
5 information received on interface 236 from the customer's premises). Thus, in some 
embodiments, both discrimination device 232 and aggregator 240 each can perform a 
combined discrimination device-aggregator function, depending on the direction of 
information flow. In fact, while termed "discrimination device" and "aggregator" for ease of 
description, those two devices can actually be identical, and further, their functionality can, in 

10 some embodiments, be incorporated into a single device, which could be coupled to interface 
228, interface 236, and processing system 244 and could route information sets among any of 
those components as necessary. Moreover, as described below, the functionality of 
discrimination device 232 and/or aggregator 240 can be incorporated into processing system 
244; likewise, discrimination device 232 can incorporate interface 228 and/or aggregator 240 

15 can incorporate interface 236, such that discrimination device/and or aggregator comprise the 
necessary components to be coupled directly to the external and internal transport media, 
respectively. 

[0079] Discrimination device 232 and/or aggregator can also serve another function in 
certain embodiments: Since the external transport medium is coupled to first interface 228 

20 and the internal transport medium can be coupled to, inter alia, second interface 236, the 
discrimination device and/or aggregator can serve as an isolation device for intermediating 
between the two media, such that when a topological change occurs in one of the media, only 
the NID interface need be changed, and the other transport medium is not affected. In some 
such embodiments, discrimination device 232 and/or aggregator 240 can serve to 

25 intermediate (including protocol translation and the like) between interfaces 232, 240, 
allowing either the internal or the external transport medium to be upgraded or changed 
without impacting the other transport medium. Of course, in certain embodiments, this 
isolation function also could be performed by processing system. In yet other embodiments, 
the isolation device might comprise a separate piece of hardware in communication with 

30 discrimination device 232, aggregator 240 and/or processing system 244. 

[0080] In certain embodiments, NED 200 can have one or more additional interfaces 256, 
260 in communication with processing system 244 via transport media 264, 268, 
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respectively. Additional interfaces 256, 260 can be adapted to communicate with any of a 
variety of internal transport media to send/receive telecommunication information to/from the 
customer premises. For instance, interface 256 can be a coaxial interface for connection to 
RG6 and/or RG59 cable, and interface 260 can be an RJ45 and/or RJ1 1 interface for 
5 connection to unshielded twisted pair cable (which can, for instance, form a lOBase-T 
Ethernet network). 

[0081] In certain embodiments, NID 200 can comprise a line driver (not shown on Fig. 
2A), coupled to processing system 244 and aggregator 240. The line driver can function to 
allow conversion between various network formats and media, allowing a variety of different 
10 media types (e.g., twisted pair and/or coaxial cable, in accordance with the HPNA and 

HPNA+ standards, as well, perhaps, as the customer premises' A/C wiring, in accordance, for 
example, with the HomePlug™ standard) to transport combined POTS and non-POTS 
information sets. If necessary, one or more different line drivers can be used to accommodate 
a variety of transport media. 

1 5 [0082] The ability of NID 200 to support multiple interfaces of different types allows great 
flexibility in routing telecommunication information throughout the customer premises. 
Merely by way of example, if interface 228 receives telecommunication information that 
includes digitally^-encoded video signals (e.g., MPEG-2 data), the information set that 
includes the encoded video signals can be routed by discrimination device 232 to processing 

20 system 244, which can decode the signals into an RF-modulated NTSC, HDTV and/or PAL 
format and transmit the signals via transport medium 264 to coaxial interface 256, where it 
can be transmitted via coaxial cable to one or more televisions at the customer premises. 
Alternatively, if the customer has a digital set- top box located at the television, the encoded 
signals can be routed by processing system 244 (perhaps through the appropriate line driver) 

25 to aggregator 240, where the signals can be transferred through interface 236 to the set-top 
box for decoding. 

[0083] Similarly, in some embodiments, NED 200 might receive IP data (perhaps combined 
with other types of telecommunication information) on interface 228. The information set 
comprising the IP data can be routed by discrimination device 232 via medium 248 to 
30 processing system 244, where it can be processed, and depending on the embodiment, routed 
via transport medium 252 to the customer's existing telephone wiring (perhaps using 
interface 236, optionally in conjunction with aggregator 240 and/or one or more line drivers), 
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routed to a lOBase-T network (perhaps transport medium 268 and interface 260), routed to a 
coaxial cable {e.g., using transport medium 264 and interface 256), or routed via a wireless 
interface (not shown in Fig. 2A). Alternatively, the IP data can be routed to any combination 
of these interfaces, and any of these interfaces could also receive IP or other 
5 telecommunication information from a CPE at the customer premises, for routing to 

processing system 244. In this way, NED 200 can allow virtually unlimited connectivity 
options for each CPE at the customer premises. Adding to the flexibility of NID 200, 
processing system 244 can include the necessary components to serve, for instance, as a 
cable, wireless, or xDSL modem, as well as components necessary to serve as an Ethernet 
10 hub, switch, router or gateway, the functions of each of which are familiar to those skilled in 
the art. 

[0084] In certain embodiments, NID 200 can comprise a power supply 272 for providing 
electrical power to the components in NID 200. Power supply 272 can be powered through 
electrical current carried on the external transport medium and received on interface 228. 

15 Alternatively, power supply can receive electrical current from a coaxial interface {e.g., 256), 
or through a dedicated transformer plugged into an A/C outlet at customer premises, e.g., 
through 12V connection 276. Processing system 244 can be powered by a connection 280 to 
power supply 272, or through one or more separate power sources, including perhaps the A/C 
power of the customer premises. In some embodiments, processing system 244 might have 

20 its own power supply. 

[0085] As mentioned above, processing system 244 can comprise a plurality of processing 
devices, and each processing device can comprise multiple components, including 
microprocessors, memory devices, storage devices and the like. Merely by way of example, 
Fig. 3 provides a detailed illustration of exemplary processing system 244, which comprises 
25 multiple processing devices 304, 308, 312. In accordance with the exemplified embodiment, 
transport medium 248 links processing system 244 with an external transport medium 
(perhaps via a discrimination device and/or interface, as described above). 

[0086] Transport medium 248 can be coupled to microserver 304, such that any 
information received by processing system 244 via transport medium 248 is first processed 
30 by microserver 304. Microserver can, in some embodiments, be the equivalent of a server 
computer, complete with memory devices, storage devices, and the like, each of which is 
known in the art and none of which is illustrated on Fig. 3. In certain embodiments, 
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microserver 304 serves as the controller for the NID, overseeing the NID's configuration and 
monitoring performance; in some such embodiments, the controller functions can be accessed 
using a web browser. Depending on the embodiment, microserver 304 can be capable of 
performing a wide variety of additional functions, including functions related to 
5 administering any local area network comprised by the internal transport medium. For 

instance, microserver 304 can function as an xDSL modem in certain embodiments, allowing 
a home network attached to the NID to transmit and receive data via an xDSL connection to a 
telecommunication service provider. Microserver 304 can, in some cases, also function as a 
hub, bridge, switch or router. 

10 [0087] Further examples of functions of microserver 304 in various embodiments include a 
dynamic host configuration protocol ("DHCP") server, which, as those skilled in the art will 
appreciate, allows for flexible configuration of an IP network using any internal transport 
medium attached to the NID, and a network address translation ("NAT") server, which 
provides some security against unauthorized use of the customer's network. Microserver 304 

15 can also function as a HyperText Transport Protocol ("HTTP") server, which, among other 
benefits, can allow configuration of the NID through a convenient web interface, as well as a 
bridge, switch or router, which can be capable of supporting advanced routing techniques, 
such as MPLS and EFM, to name a few. Microserver 304 can function further to manage 
quality of service requirements, as described above. 

20 [0088] In addition to these functions, microserver 304 can be configured to route 
information sets received via transport medium 248, according to the type of 
telecommunication information in the set (e.g., encoded video, EP data, etc.) as well as any 
addressing information associated with either the set or the information it comprises (e.g. , a 
specified destination port or network address for a particular subset of telecommunication 

25 information). In this way, microserver 304 can serve a switching function somewhat similar 
to that described with respect to discrimination device 232 described in relation to Fig. 2A. 
For instance, if IP data is received by microserver 304, such data can be routed to an Ethernet 
connection, to the existing telephone wiring (e.g., in an HPNA implementation), or to any 
other appropriate medium (perhaps via an appropriate line driver). In fact, in certain 

30 embodiments, processing system 244 (and in particular microserver 304) can incorporate the 
functionality of discrimination device 232 and/or aggregator 240, rendering those 
components optional. 
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[0089] In addition to microserver 304, processing system 244 can include other 
components, including, for instance, application server 308 and set-top box 312, which, in the 
illustrated embodiment, are coupled to microserver 304. Application server 308 can 
comprise the equivalent of a computer, as described above, and thus can comprise one or 
5 more storage devices, such as hard disk drive 320, as well as memory devices, 

microprocessors and the like, to enable it to store and process telecommunication information 
and other data. In certain embodiments, application server 308 can perform tasks with 
processing, memory and/or storage requirements that render microserver 304 unsuitable, 
including a wide variety of consumer applications. For instance, application server 308 can 

10 act as a digital recorder for storing video (perhaps as a video-on-demand server or a personal 
video recorder), a file and/or application server for a home network attached to the NID, a 
Voice over IP ("VoIP") server, caller identification server, or voice gateway for a telephone 
system attached to the NID. Application server 308 can also function as a home security 
server, allowing the control of various features and configuration options for a home security 

1 5 system. 

[0090] Set-top box 312, which, in some embodiments, can be coupled to microserver 304 
as illustrated on Fig. 3, can provide traditional set-top box functionality (e.g., decoding of 
television signals, frequency switching, etc.), as well as provide enhanced features, including, 
for example, the provision of picture-in-picture signals for non picture-in-picture televisions, 
20 the provision of video on demand, personal video recorder features, and many other such 
features. 

[0091] Processing system 244 can have multiple means of input and output. Merely by 
way of example, microserver 304 can communicate with one or more external transport 
media (perhaps, as discussed above, via intermediary devices) using one or more transport 

25 media (e.g., 248). Processing system 244 (and, specifically, microserver 304) also can 

communicate with one or more internal transport media (for example category 5, 5e and/or 6 
unshielded twisted pair wire 268, RG6 and/or RG59 coaxial cable 264, and category 3 
unshielded twisted pair copper (telephone) wire 252), again possibly via intermediary 
devices, as discussed with reference to Fig. 2A. Notably, some embodiments of processing 

30 system 244 can include interfaces for multiple transport media of a particular type, for 

instance, if processing system (and, in particular, microserver 304) serves as a networking 
hub, switch or router. Processing system 244 can also have infra-red and radio-frequency 
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receivers and/or transmitters, for instance to allow use of a remote control device, as well as 
wireless transceivers, for instance to allow wireless (e.g., IEEE 802.1 1) networking. 

[0092] As illustrated on Fig. 3, in some embodiments, microserver 304 manages the 
connections between application server 308, set-top box 312 and transport media 248, 252, 
5 264, 268, routing data as necessary. In other embodiments, each processor 304, 308, 312 can 
have independent connections to one or more transport media. 

[0093] It should be recognized that the devices within processing system 244 are described 
for illustrative purposes only. The functionality described above with respect to microserver 
304, application server 308 and set-top box 312, respectively, each could be incorporated into 
10 a single device within processing system 244. Alternatively, their functions described herein 
could be divided among any number of processors and devices within processing system 244. 
Thus, the division of functions among devices within processing system 244 is discretionary 
and should not be considered to limit the scope of the invention. 

[0094] In accordance with some embodiments, the NID might comprise multiple 

15 enclosures, each located in a different location and in communication with one another. 
Merely by way of example, Fig. 4 illustrates an alternative embodiment of the invention, 
including a NED 400 and a separate processing system 404. In the illustrated embodiment, 
NED 400 caninclude the features described above, except that processing system 404 can be 
located distal to NID 400. In this way, processing system 404 can be located in a more 

20 secure area (for instance, inside the customer premises), while NID 400 can be located 
conveniently at the exterior of the customer premises, where it can be accessed easily by 
service personnel. (Of course, it should be noted that a NID can also be hardened, so that it 
can be securely located in its entirety on the exterior of the customer premises, as, for 
instance, in the embodiments discussed above.) In some embodiments, processing system 

25 404 can be in communication with NID 400 via similar transport media 412, 416, 420, 424 to 
those discussed with respect to Fig. 3 (248, 252, 264, 268, respectively) and can include all of 
the same functionality of the embodiments discussed above. As illustrated in Fig. 4, 
processing system 404 generally will draw power from its own source 428, although it could 
also be powered by NID 400, either via one of the transport media 412, 416, 420, 424 or 

30 through a separate power connection 432. 

[0095] Fig. 5 illustrates an exemplary system 500 in which a NID 504 in accordance with 
certain embodiments of the invention is interconnected via several internal transport media to 
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a wide variety of CPE, providing many different telecommunication services. NED 504 can 
be in communication with a telecommunication service provider's network via external 
transport medium 506, which can be any of the media described above; in this exemplary 
embodiment, it is a twisted pair copper "local loop," capable of carrying one or more POTS 
5 data sets and one or more xDSL information sets. NDD 504 can have a processing system 508 
in communication with discrimination device 512, which can be a combined high pass/low 
pass filter. As mentioned above, discrimination device 512 can function to separate POTS 
information sets from non-POTS information sets, with the former routed to aggregator 516, ^ 
which can serve as an interface to a category 3 twisted pair internal transport medium 520. 
10 Processing system 508 can also be in communication with aggregator 5 1 6, so that non-POTS 
information sets may be transmitted using transport medium 520 as well. 

[0096] Attached to internal transport medium 520 (which, in the illustrated embodiment 
can support the HPNA standard) can be a normal POTS telephone 524, along with an 
integrated access device, which, among other things, can provide POTS service via IP data 

15 transmitted via the HPNA network on internal transport medium 520. In the illustrated 
embodiment, three additional POTS telephones 532A, 532B, 532C are coupled to the 
integrated access device, although those skilled in the art will appreciate that certain 
embodiments will support different numbers and types of devices attached to the integrated 
access device. Also attached to transport medium 520 is a VoIP telephone 536, as well as a 

20 personal computer 540, which can use system 500 to access the Internet, among other things. 

[0097] Further embodiments can include an IP-compatible utility meter 544, which can 
allow a utility provider such as a city water department or electrical utility to monitor and bill 
utility usage over the Internet or the telecommunication service provider's network, and/or an 
IP-compatible home security system 548, which can allow the customer to monitor and 
25 control home security functions remotely. Via an Internet connection to NID 504, a customer 
on vacation could administer home security system 548, view images from security cameras, 
check the status of all sensors, and even turn various lights in the house on and off. 

[0098] Internal transport medium 520 can also be coupled to an IP-compatible set-top box 
552, which may have a television 556 attached. In addition, certain embodiments allow for a 
30 video phone 560 to be included in system 500 and attached to medium 520. Processing 

system 504 can also support a digital-to-analog converter 564 (perhaps with a ring generator), 
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to allow direct connection of a POTS phone 568 to the NID, perhaps for testing purposes or 
for mandated life-line service. 

[0099] As mentioned above, NID 504 can support a variety of other interfaces and 
attachments as well. For example, in certain embodiments, NID 504 (and more precisely 
5 processing system 508) can comprise one or more fiber optic interfaces, including for 
example, IEEE 1394 interface 572, as well a variety of standard Ethernet connections, 
including for instance a category 5 lOBase-T interface 576 that can be used, for example, to 
attach one or more personal computers (e.g., 580) to NID 504, as well as a wireless interface 
578. Processing system 508 can also include a coaxial (RG6 and/or RG59) interface, either 
10 through use of a balun 588 (to convert, for example, from twisted pair to coaxial cable) or 
through a direct coaxial connection to processing system 508. 

[0100] Like the other interfaces, coaxial interface 584 can support a wide variety of CPE 
and associated services, including transmission of both a video (e.g., HDTV, NTSC or PAL) 
information set and a data (e.g. , IP data) information set, simultaneously. Supported devices 
15 can include an IP residential gateway, which can provide IP to HDTV/NTSC/PAL 

conversion for video display on a television 598, as well as direct IP connectivity, for 
example, to provide Internet access to a personal computer 602. 

[0101] Through coaxial interface 584, NID 504 can also communicate with an IP- 
compatible set- top box, as well as directly with a cable-ready television 610, a personal 

20 computer 614 (either via a coaxial connection on the computer or through a balun), a POTS 
telephone 618 (for instance, through an integrated access device 622), or to any other IP- 
compatible device 626, such as a utility meter, home security system or the like. As 
discussed above, NID 504 can be programmable and/or addressable, and in some 
embodiments, NID 504 can include an application programming interface 630 to facilitate in 

25 the programming and/or addressing of NID 504. 

[0102] Notably, different embodiments of the NID can provide several benefits, including 
simultaneous video, data and voice transmission, while maintaining required Quality of 
Service levels for each particular information set. Further, some embodiments of the NID 
can comprise a router that is capable of multi-protocol label switching ("MPLS"), which, 
30 those skilled in the art will recognize, allows the telecommunication service provider 
tremendous flexibility in designing the architecture of the external transport medium, 
including options, such as EFM and tag switching schemes (e.g., MPLS), that provide 
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enhanced features and performance across the provider's network. Various embodiments of 
the NID also allow for a plurality of virtual private networks to be established through the 
NID, allowing one or more secure data connections from the customer premises to other 
locations. 

5 [0103] Other embodiments of the present invention provide methods for using demarcation 
devices, and NIDs in particular. One exemplary method 700 in accordance with certain 
embodiments is illustrated on Fig. 6. It should be noted that the blocks displayed on Fig. 6 
are arranged for ease of description only, and their order and arrangement should not be 
considered to limit the scope of the invention; hence, some of functions illustrated on Fig. 6 
10 may be performed in an order different than that illustrated, or they may be omitted entirely. 

[0104] In block 704, an external transport medium is provided. A wide variety of external 
transport media, including any of those discussed above, may be used without varying from 
the scope of this embodiment. At block 708, a demarcation device is provided. In a 
particular embodiment, the demarcation device can be a NID, as described above. In some 

15 embodiments, the demarcation device can be attached to an external wall of the customer 
premises (block 712), while in other embodiments, the demarcation device can be located 
elsewhere, including various locations at the customer premises (such as proximate to a 
particular CPE or coupled to an internal transport medium in an attic, garage, basement, 
crawl space or the like. In still other embodiments, the demarcation device could be co- 

20 located with a portion of the external transport medium, for instance in a digital loop carrier 
remote termination closet, at a DSLAM, or even at the distribution point. 

[0105] In certain embodiments, a distribution point can receive telecommunication 
information from a telecommunication information provider or other source of 
telecommunication information (block 716). As discussed above, the telecommunication 
25 information can comprise a plurality of sets of telecommunication information, and each 
telecommunication information set can be associated with a particular telecommunication 
service. In many embodiments, the distribution point can receive the plurality of 
telecommunication information sets from a plurality of telecommunication information 
providers. 

30 [0106] At block 720, the telecommunication information can be transmitted to the 
demarcation device through the external transport medium. Generally, the 
telecommunication information can be transmitted from the distribution point, although, as 
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discussed above, the distribution point need be neither the ultimate source nor the ultimate 
destination of the telecommunication information. At block 724, the distribution point (or 
other facility) can receive a request, either for configuration information as discussed above, 
or for a particular telecommunication information set, and, in certain embodiments, the 
5 distribution point can forward that request to the appropriate telecommunication information 
provider (block 728). At block 732, the distribution point can receive information {e.g., 
telecommunication information, perhaps including configuration information) from the 
telecommunication information provider that is responsive to the request, and at block 736, 
that responsive information can be transmitted to the demarcation device, whether generated 
10 by the distribution point (and/or an associated control point) or the telecommunication 
information provider. 

[0107] At block 740, the demarcation device optionally can separate any 
telecommunication information received from the distribution point (whether or not sent in 
response to a request from the demarcation device) into discrete information sets, according 

15 to, inter alia, any of the criteria discussed above. Once the information sets have been 

separated, the demarcation device can take the appropriate action for each. Such actions can 
include processing the information set (perhaps with a processing system similar to that 
described above), transmitting the information set to a particular internal transport medium 
(see block 748 below), consolidating the information with one or more other information sets 

20 for combined transmission onto an internal transport medium, storing the information set 

(perhaps to a storage device, as discussed above), and discarding the information set, among 
other things. 

[0108] At block 744, the demarcation device optionally can mediate the flow of 
telecommunication information between the internal transport medium and the external 

25 transport medium. This can be done in a variety of ways, including filtering the signals 

and/or frequencies sent from one transport medium to the other so as to diminish interference 
on one network by extraneous information, signals, and/or frequencies transmitted 
(intentionally or inadvertently) by the other. Mediating the flow of information can also 
include filtering the information sent through the demarcation device, such that particular 

30 telecommunication information (and/or information sets) can be treated differently from other 
information (and/or information sets). For instance, as discussed above, a given information 
set can be processed, routed or stored differently than other sets. 
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[0109] At block 728, the telecommunication information (or a subset thereof) can be 
transmitted to the customer premises by the demarcation device. Those skilled in the art will 
appreciate that, that while for ease of description, method 700 has been described with 
respect to unidirectional information flow (from a distribution point to a customer premises), 
5 certain embodiments of the invention easily can accommodate information flow in the 

opposite direction, as well as bi-directional information flow. Thus, information also could 
be transmitted from a CPE, through the internal transport medium, to the demarcation device. 
The demarcation device then could separate that telecommunication information into 
information sets, if necessary, and take any of a variety of actions (including those discussed 
10 above) with respect to each information set, including transmitting the information in the 
information set to the distribution point via the external medium. 

[0110] Likewise, methods in accordance with certain embodiments of the invention can 
support the transmission of telecommunication information from a CPE, through a 
demarcation device, to a distribution point, and, ultimately to a telecommunication 
1 5 information provider. Further, methods according to other embodiments allow for 
simultaneous and/or near simultaneous two-way transmission of telecommunication. 

r 

[0111] Attention is directed to Fig. 7, which illustrates a specific example of a demarcation 
device 750 having the ability to serve as the termination point for one or more virtual private 
networks ("VPNs"). The demarcation device 750 may comprise a NID as previously 

20 described. The demarcation device 750 includes an interface 752 to an external transport 
medium 754, which may comprise any of the previously-described networks. The 
demarcation device 750 also includes an interface 756 to an internal transport medium 758, 
which may be any of the previously-described internal networks. Both interfaces 752, 756 
may comprise twisted pair connections, coaxial connections, fiber optic connections, wireless 

25 connections, and the like. The demarcation device 750 also includes a microserver 760, as 
previously described. 

[0112] In some embodiments of the invention relating to receiving information from an 
external transport medium via VPN terminated in the demarcation device, the microserver 
comprises a Digital Signal Processor with micro code embedded to support the VPN 
30 functions. These functions may include one or more of the following: encryption (hardware 
and/or software), encryption levels (e.g., DES, 3DES, and the like), IP address pairing, and 
encryptions key exchange process, in accordance with well know VPN protocols. The IP 
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address pairing may be public, for example, if the VPN microserver is accessible from the 
Internet, or private, otherwise. The microserver may be firmware upgradeable and also may 
be designed as a plug-and-play component. 

[0113] According to this example of the present invention, the microserver 760 of the 
5 demarcation device 750 may be programmed to serve as the termination point 762 for one or 
more VPNs. This provides the advantage that each of several service providers may 
communicate securely with the demarcation device 750. Additionally, however, the 
microserver 760 also may server as an origin 764 for one or more virtual local area networks 
("VLANs") to which information received from an external transport medium may be 
10 mapped. Thus, as will be described in more detail, the demarcation device 750 provides 

secure communication from a service provider to a customer's premises, and distributes the 
information within the customer's premises in an advantageous manner. 

[01 14] Distributing information within a customer's premises via VLANs controlled by a 
demarcation device may provide several advantages, not all of which are necessarily shared 

15 by each embodiment of the present invention. First, a single transport medium within the 

premises may carry several VLAN paths. This significantly reduces the infrastructure needed 
to operate a multitude of in-home devices. Second, a single VLAN may be carried over 
multiple transport media. Thus, one device may receive information via a particular VLAN 
using a wireless connection , while a second device receives information via the same VLAN 

20 using a fiber optic connection, for example. Additionally, having the same VLAN operate 
over two different transport media improves the reliability of the information flow due to the 
redundancy. Third, VLANs may be application specific, providing the ability to control 
content, access, and the like. As an example, parents may allow themselves a higher level of 
access than their children and may provide themselves content according to their level of 

25 access. Fourth, each VLAN may be optimized for the information it carries. For example, 

streaming protocols may be mapped to a VLAN specifically configured to control the quality 
and bit rates of such services. These are but a few potential advantages provided by 
embodiments of the present invention. 

[0115] Attention is now directed to Fig. 8, which illustrates one specific example of a 
30 system 800, in which multiple different service providers 802 may communicate via VPNs to 
a single NID 804. The NID 804 then distributes the signals to each of several devices 806 via 
VLANs, as will be described in more detail hereinafter. Associated with each service 
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provider is a VPN termination 808 through which information may be encrypted for secure 
transportation to the NID 804. The information passes through a network 810, which may be 
any of the previously-described networks. The NID 804 receives the information from a 
specific service provider 802 and decrypts it using a VPN termination internal to the NED 
5 804. Alternatively, information may pass from a service provider 802 to a device 806 
without being decrypted by the NID 804, in which case the device itself may perform the 
decryption (i.e., serve as it own VPN termination point). Information received by the NID 
804 from service providers 802 is directed to one of several VLANs 812 that distribute the 
information to the devices 806. In some embodiments, information may arrive at the NID 
10 804 without first being encrypted by a VPN termination at a service provider location (i.e., 
unsecured). This information may nevertheless be distributed within the customer's premises 
via a VLAN as previously described. Specific examples of several different service 
distributions are provided below. 

[0116] In one embodiment, the service provider 802-1 comprises a utility company, such as 
15 a gas company. At a customer's premises, a gas meter 806-1 is configured to measure a 
customer's gas meter, monitor the operational status of the customer's gas system, and the 
like. Through VPN termination 808-1, the gas company is able to communicate securely 
with the customer's NID 804. The NID 804 recognizes information from the gas company as 
such as decrypts it using an internal VPN termination. As will be described more fully 
20 below, the NID also recognizes that information from the gas company is destined for the gas 
meter 806-1. Thus, the NID distributes the information to the gas meter 806-1 via the VLAN 
812-1. Information from the gas meter 806-1 to the gas company is transmitted using the 
reverse process. 

[0117] In another embodiment, the service provider 802-2 comprises a corporate network. 
25 A user at the customer's premises desires to establish a VPN connection with the corporate 

network using a computer 806-2 residing on VLAN 812-2 within the customer's premises. 

The computer 806-2 is capable of serving as its own VPN termination, and the user desires 

the information to remain encrypted, even within the customer' premises. Thus, the VPN in 

this example is not terminated in the NID 804. Thus, the user establishes a VPN connection 
30 between the computer 806-2 and the VPN termination 808-2. The NID recognizes 

information from the corporate network 802-2 as such and directs the encrypted information 

to the computer 806-2 via the VLAN 812-2. 
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[0118] In still another embodiment, the service provider 802-3 comprises a video 
distributor (e.g., a television programming service provider). Occasionally, this service 
provider 802-3 sends broadcast messages to its customers. Such messages need not be 
encrypted, so the service provider 802-3 sends the messages to the NID 804 in unencrypted 
5 form. At the customer's premises, however, a number of television programming boxes (i.e., 
devices 806-3, 806-4) are configured to receive such messages via the VLAN 812-3. Thus, 
the NID 804 directs such messages to the VLAN 812-3 where then are distributed to the 
appropriate devices 806-3, 806-4. Many other examples are possible and apparent to those 
skilled in the art in light of this disclosure. 

10 [0119] Attention is now directed to Fig. 9, which illustrates a routing table 900, which, in 
some embodiments, resides in a demarcation device and controls the distribution of 
information from service providers to internal devices. The routing table includes entries for 
type of service (the service being provided by a service provider), VPN termination device 
(i.e., where the VPN is terminated at the customer's premises, if information is received at 

15 the premises via VPN), VLAN # (i.e., which VLAN the service is distributed on inside the 
customer's premises), device address (the address within the NID to which information 
intended for the device is directed), and MAC Address/Port (i.e., the MAC address of the 
device to which information is directed). The function of a routing table is explained 
immediately hereinafter. 

20 [0120] A demarcation device uses a routing table, such as the routing table 900, to direct 
signals received from external transport media to internal transport media. Incoming signals 
may be via a VPN, and internal signals may be distributed by VLAN, although neither is 
necessarily the case. When an inbound signal is received, the demarcation device recognizes 
the source of the signal and uses this information to determine an internal destination for it. 

25 For example, when a demarcation device (in this case a NID) receives a query from a water 
company (See Fig. 9 entry for water meter) addressed to the NID, it recognizes the signal as a 
query of a water meter originating from the water company. The NID uses this information, 
together with information from the routing table, to discern that the signal, which arrives via 
VPN terminated in the NID, should be directed to the water meter attached to it. The water 

30 meter is located on internal VLAN number 9 and has a MAC address of 03 04 75 19 4b 23 in 
this example. Thus, the NID uses VLAN protocols to direct the query to the water meter at 
that address. 



39 



[0121] In another example, a NID receives a signal from an external AS 400. Although the 
signal arrives via VPN, the NID recognizes that the VPN termination for the signal is at an 
internal computer (See Fig. 9 entry for AS 400) located on internal VLAN number 2 at MAC 
address 00 04 75 19 4b 91. Thus, the NID uses VLAN protocols to route the encrypted signal 
5 to the computer. Those skilled in the art will recognize many other examples in light of this 
description. 

[0122] The VLAN # entries of the routing table are sometimes referred to as "VLAN tags." 
VLAN tags identify a VLAN to which information packets belong. Current VLAN protocols 
limit the number of VLAN tags, and thus VLANs, that may operate over a common network. 

10 Such limitations prevent VLANs from being useful to distribute information from service 

providers to devices at customer's premises'; the shear number of such VLANs that would be 
required to extend from sources to destinations would simply overwhelm current protocols. 
The introduction of a demarcation device according to embodiments of the invention, 
however, overcomes this limitation, since the VLANs of these embodiments extend no 

15 farther than the internal transport media. Thus, each individual customer could, theoretically, 
have the maximum number of VLANs possible using existing protocols. Further, a service 
provider that uses an external medium to communicate with a plurality of customers (e.g., a 
utility company) could be assigned a VLAN tag that it uses for each customer premises. This 
may greatly simplify the registration process for network devices, as will be explained further 

20 below. 

[0123] The MAC Addr/Port entry of the routing table identifies the address the 
demarcation device uses to correctly route information or information packets to a specific 
device. In this specific embodiment, the entries comprise MAC addresses, which are known; 
however, other types of addressing protocols may be used. As will be explained in more 
25 detail below, during the registration process, a device registering with a demarcation device 
may supply the full MAC address or only a portion of it. It may be the case that the routing 
table is pre-populated by a service provider with a portion of the MAC address. 

[0124] It should be noted that the routing tables represent only one possible solution for 
signal mapping from an external transport medium to an internal transport medium. Other 
30 solutions, both hardware and software, exist. 

[0125] Having described demarcation devices providing VPN and VLAN capability and 
systems for using them according to embodiments of the invention, attention is directed to 
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Fig. 10, which illustrates a method 1000 for configuring such devices. The method 100 is but 
one example; others are possible. In one aspect of the embodiment, at block 102 a customer 
acquires a device (e.g., CPE) used to provide a service, which may be any of the previously- 
described services than may be delivered via a demarcation device. At block 1004, the 
5 customer requests the associated service from a service provider. This aspect recognizes than 
some suitable devices for use at a customer's premises may be used with any of a number of 
service providers. In another aspect, the customer requests service from a service provider at 
block 1006, and the service provider delivers the associated device to the customer at block 
1008. In this aspect, the device may be configured specifically for the service provided by 
10 the service provider. Other examples are possible. 

[0126] In either of the aspects discussed above, requesting service for the service provider 
may include establishing an account with the service provider and providing information to 
the service provider that the service provider uses to address the customer's demarcation 
device. Such information may include the model number of the customer's demarcation 
15 device, the serial number of the demarcation device, the network or networks to which the 
customer's demarcation device is connected, and/or the like. 

[0127] In either of the aspects discussed above, or in other embodiments, the service 
provider initializes the customer's demarcation device at block 1010. Initializing the 
customer's demarcation device may include any of a number of activities, one of which may 

20 include establishing a VPN between the service provider and the customer's demarcation 
device. Establishing a VPN may include an authentication process through which the 
demarcation device determines the service provider's authority to access it. Another activity 
may include receiving information that at least partially populates a routing table of the 
demarcation device. This will be explained more fully in the example immediately 

25 hereinafter. 

[0128] In this example, referring again to Fig. 9, a customer wishes to establish water 
service with a particular water company. After the customer requests service and the water 
company obtains the customer's NID address, the water company accesses the customer's 
NID. After an authentication process in which the NID verifies the water company's 
30 authority to access it, the water company sends information that at least partially populates a 
routing table at the NID. The information includes, for example, the service (water meter) 
the location of the VPN termination that, at the other end, terminates at the water company 
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(IP NID, meaning that the VPN terminates on the customer's side inside the NED as opposed 
to another device at the customer's premises), the VLAN over which the service will travel 
inside the customer's premises (in this case 9, which may be the same for all customer's 
having water metering service delivered via NID in the area in which the customer lives), the 
5 device address (WaterMeter.NID, which is the address of the device with respect to the 
customer's NID), and possibly a portion of the MAC address of the water meter (03 04 75, 
which, in this case, is half of the MAC address, the other half being specific to the water 
meter to be installed at the customer's premises and provided by the water meter itself, as 
will be described). 

10 [0129] Continuing with the method 1000 of Fig. 10, at block 1012 the CPE is connected to 
the customer's network. In some cases this involves having the device installed by the 
service provider; in other cases this involves the customer connecting the device itself. Once 
connected, the CPE registers with the demarcation device. Different CPE devices may each 
register with the demarcation device differently. Some merely announce their presence with 

1 5 the demarcation device while others provide specific information to the demarcation device. 
For example, with respect to the example discussed above relating to water metering service, 
the customer's water meter provides information to the NID. In this example, the water 
meter sends the second half of the MAC address to the NID. Each water meter may have the 
same first half of MAC address; however, the second half is different for each water meter. 

20 Thus, once the water meter is connected to the network, it registers with the NID by sending 
its MAC address. The NID recognizes the device by the first portion of the MAC address 
and completes the field in the routing table by writing the second half of the MAC address to 
it. Those skilled in the art will recognize this as only one possibility. Others include, for 
example, writing more or less than half of the MAC address, manually writing information to 

25 the routing table using, for example, an installation computer and the like. 

[0130] It should be noted that the method 1000 is exemplary and other methods according 
to other embodiments of the invention may have more or fewer steps and may traverse the 
steps differently. Those skilled in the art will recognize these different possibilities. 

[0131] In conclusion, the present invention provides novel demarcation devices, along with 
30 systems and methods for using the same. While detailed descriptions of one or more 

embodiments of the invention have been given above, various alternatives, modifications, and 
equivalents will be apparent to those skilled in the art without varying from the spirit of the 
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invention. Therefore, the above description should not be taken as limiting the scope of the 
invention, which is defined by the appended claims. 
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